Forum Replies Created
I don’t want to market my plugin outside of WordPress right now. I have found that it works best on open-source code. I don’t know anything about XenForo, but some non-open-source developers use the same methods to encrypt or obfuscate their code as hackers do, which could lead to a high rate of false positives.
If you are not sure about the code in XenForo that my plugin has found then you should examine it or even try to decrypt it first to see what it does. If you don’t know what it is or how to do that you can zip it up and send it to me and I’ll take a look at it.
That code in the GoDaddy plugin is intentional but also unsafe. They should use passthru not include so that if the images contained PHP code it would not be executed (bad coding on their part).
You can fix that threat or ignore it, it won’t make any noticeable difference on your site and it won’t affect the HTTPS issue you are having.
You should make sure your “home” and “siteurl” values in the wp_options table match up with what you have instructed Google to index in your sitemap. Also make sure there are no .htaccess redirects to the site without the HTTPS if you want to use the secure URL.
Which threat was this?
If you can send me the whole code so I can see what threat it’s finding then I can improve that definition so that it stops grabbing the PHP brackets at the end of the line.
This is a JavaScript error, but I just checked your site and it is working for me. If it was not just a fluke occurrence and it continues to prevent your staff from logging in then you may want to disable the Brute-Force Login Protection (at least until you can figure out what is causing the JavaScript to break).
If you are using caching of any kind that may have resulted in the malicious code appearing on your site long after you had removed it with my plugin.
In any case it looks like you are all good now. Feel free to contact me again if it comes back, and yes, please donate if you can.
It looks like you have already removed the threat from this file. This code looks clean and your site is not showing those malicious links any more.
Did you use my plugin to remove the infection from the header.php file, or did you remove it manually?
You can paste the contents into this forum topic or reply directly to my email. Thanks!
It looks like your theme’s header.php file is still infected. If you can send me a copy of this infected file then I will add it to my definition updates so that it too can be automatically removed.
December 2, 2015 at 7:37 pm in reply to: Malicious script on site not found – some info about it #1328
Thanks for posting your findings, I have added this new variant to my definition updates.
If you hover over that file on the results page it should pop up with a reason for the error. Maybe it’s a file size problem or a permission issue. Does it happen every time you scan?
What if you just scan the plugins directory?
That does not actually exist but the .htaccess file in that same directory should perform a rewrite that serves the appropriate JavaScript. If that is not working then there must be some PHP configuration on your server that is preventing the rewrite rule.
December 2, 2015 at 12:02 am in reply to: Malicious script on site not found – some info about it #1322
Also, check your footer.php, it looks like that is where the code is showing up.
December 2, 2015 at 12:00 am in reply to: Malicious script on site not found – some info about it #1321
I have not seen this one before. Check the header.php in your theme editor. If it’s not there try the functions.php.
I would be very interested to see the infected file if you find it. If you cannot find it I would be willing to look for it myself if you are willing to send me your wp-admin login.
Eugene, This is not a relevant topic to post your request, and I don’t see the “enclosed Paypal receipt”. Can you please email that info directly to me: eli AT gotmls DOT net
Each key is matched to a single site, but if you register the other site with the same email address then they will both be under the same account.